 5.1 The Basis of Security Testing
 5.2 Security Risks
 5.3 Information Security Policies and
Procedures
 5.4 Security Auditing and Its Role in Security
Testing
 Security testing is the process of discovering the weaknesses, risks, and threats in a software application before an attacker does.
 It helps us stop attacks from outsiders (and from malicious insiders) and gives us confidence in the security of our software applications.
 The objective of security testing is to find the potential flaws and vulnerabilities of the application so that the software keeps working as intended, and neither leaks nor loses data, when it is under attack.
 It helps us identify the possible security threats and helps the programmer fix the defects behind them.
 Availability
 Data and services must be accessible to authorized users whenever they are needed. The system guarantees that the data and the processing services that act on it are ready to use when required, for example by resisting denial-of-service conditions.
 Integrity
 Data must be protected from modification by unauthorized persons, and any unauthorized change must be detectable. The primary objective of integrity is to let the receiver trust that the data delivered by the system is exactly what was originally sent or stored.
 Authorization
 It is the process of determining that an already authenticated client is permitted to perform an action and to receive a service. Access control is the usual example of authorization.
 Confidentiality
 It is the security property that prevents data from leaking to outsiders or to anyone not authorized to see it. Encryption and access control are the common means of ensuring it.
 Authentication
 The authentication process consists of confirming the identity of a person, or the origin of a product or message, before access to private information or to the system is granted.
 Non-repudiation
 It is a term from digital security, and it is a way of assuring that the sender of a message cannot deny having sent the message and that the recipient cannot deny having received it.
 Non-repudiation is used to ensure that a conveyed message was really sent and received by the persons who claim to have sent and received it.
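The properties above as executable checks, added here as an example (not code from the slides): a digest for integrity, an HMAC for origin authentication plus integrity, and a deny-by-default role table for authorization. The role table, the sample message and all function names are this example's own constructions.

```python
"""Added example (not from the slides): the security properties as
executable checks. Names, policy table and sample messages are constructed."""
import hashlib
import hmac
import secrets

# --- Integrity: a digest lets the receiver detect unauthorized changes ---
def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def integrity_intact(data: bytes, expected_digest: str) -> bool:
    return hmac.compare_digest(digest(data), expected_digest)

# --- Authentication of origin + integrity: an HMAC over the message ---
def mac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_valid(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the tag through timing differences
    return hmac.compare_digest(mac_tag(key, data), tag)

# --- Authorization: access control, deny by default ---
POLICY = {  # constructed role -> allowed actions table
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}

def authorized(role: str, action: str) -> bool:
    # unknown roles and unknown actions fall through to "denied"
    return action in POLICY.get(role, set())

def demo() -> dict:
    key = secrets.token_bytes(32)        # shared by sender and receiver
    msg = b"transfer 100 to account 42"  # constructed sample message
    tag = mac_tag(key, msg)
    tampered = b"transfer 900 to account 42"
    return {
        "original_intact": integrity_intact(msg, digest(msg)),
        "tampered_detected": not integrity_intact(tampered, digest(msg)),
        "mac_ok": mac_valid(key, msg, tag),
        "mac_rejects_tamper": not mac_valid(key, tampered, tag),
        "mac_rejects_wrong_key": not mac_valid(secrets.token_bytes(32), msg, tag),
        "viewer_cannot_delete": not authorized("viewer", "delete"),
        "unknown_role_denied": not authorized("guest", "read"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

Note what the HMAC does not give: because sender and receiver share the same key, either of them could have produced the tag, so it provides integrity and authentication but not non-repudiation. Non-repudiation needs a digital signature made with a private key that only the sender holds.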
 We have various security testing tools available in the market, which are as follows:
 SonarQube (static code analysis)
 ZAP (OWASP Zed Attack Proxy, dynamic web application scanning)
 Netsparker (web application vulnerability scanner)
 Arachni (web application vulnerability scanner)
 IronWASP (web application vulnerability scanner)
 A security risk assessment identifies,
assesses, and implements key security
controls in applications.
 It focuses on preventing application security
defects and vulnerabilities.
 Carrying out a risk assessment allows an
organization to view the application portfolio
holistically—from an attacker’s perspective.
 It supports managers in making informed
resource allocation, tooling, and security
control implementation decisions.
 Thus, conducting an assessment is an
integral part of an organization’s risk
 Identification. Determine all critical assets of
the technology infrastructure. Next, diagnose
sensitive data that is created, stored, or
transmitted by these assets. Create a risk
profile for each.
 Assessment. Administer an approach to
assess the identified security risks for critical
assets. After careful evaluation and
assessment, determine how to effectively
and efficiently allocate time and resources
towards risk mitigation. The assessment
approach or methodology must analyze the
correlation between assets, threats,
 Mitigation. Define a mitigation approach
and enforce security controls for each risk.
 Prevention. Implement tools and
processes to minimize threats and
vulnerabilities from occurring in your firm’s
resources.
 Identify assets (e.g., network, servers,
applications, data centers, tools, etc.) within
the organization.
 Create risk profiles for each asset.
 Understand what data is stored, transmitted,
and generated by these assets.
 Assess asset criticality with respect to business operations. This includes the overall impact on revenue and reputation, and the likelihood that the asset will be exploited.
 Measure the risk ranking for assets and prioritize them for assessment.
 Apply mitigating controls for each asset.
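The ranking step carried through in code, added here as an example (not code from the slides or from the cited glossary): each asset gets a likelihood score from its exposure and open findings, an impact score from data sensitivity and business criticality, and a risk score as their product, which is then used to order the portfolio. The asset inventory, the 1..5 scales and the band thresholds are constructed for illustration; a real assessment would calibrate them to the organization.

```python
"""Added example (not from the slides): ranking assets by likelihood x impact
so the highest-risk assets are assessed and mitigated first. Inventory,
scales and thresholds are constructed."""
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    data_sensitivity: int   # 1 (public) .. 5 (regulated data or secrets)
    criticality: int        # 1 (nice to have) .. 5 (revenue stops without it)
    exposure: int           # 1 (internal only) .. 5 (internet-facing, unauthenticated)
    known_weaknesses: int   # open findings from scans or pentests

def likelihood(asset: Asset) -> int:
    """Likelihood of exploitation on 1..5: exposure plus (capped) open findings."""
    raw = asset.exposure + min(asset.known_weaknesses, 4)   # 1..9
    return max(1, min(5, (raw + 1) // 2))                    # integer rounding, clamped

def impact(asset: Asset) -> int:
    """Impact on 1..5: the worse of data sensitivity and business criticality."""
    return max(asset.data_sensitivity, asset.criticality)

def risk_score(asset: Asset) -> int:
    """Likelihood x impact, range 1..25."""
    return likelihood(asset) * impact(asset)

def risk_band(score: int) -> str:
    if score >= 15:
        return "critical"
    if score >= 10:
        return "high"
    if score >= 5:
        return "medium"
    return "low"

def rank_assets(assets: list) -> list:
    """Highest risk first; ties keep inventory order."""
    return sorted(assets, key=risk_score, reverse=True)

# Constructed inventory for the walk-through
INVENTORY = [
    Asset("hr-database",     data_sensitivity=5, criticality=3, exposure=1, known_weaknesses=0),
    Asset("customer-portal", data_sensitivity=5, criticality=5, exposure=5, known_weaknesses=3),
    Asset("wiki",            data_sensitivity=2, criticality=1, exposure=1, known_weaknesses=0),
    Asset("build-server",    data_sensitivity=3, criticality=4, exposure=2, known_weaknesses=6),
    Asset("marketing-site",  data_sensitivity=1, criticality=2, exposure=5, known_weaknesses=1),
]

def risk_register(assets: list = INVENTORY) -> list:
    """Rows of (name, likelihood, impact, score, band), ranked."""
    return [(a.name, likelihood(a), impact(a), risk_score(a), risk_band(risk_score(a)))
            for a in rank_assets(assets)]

if __name__ == "__main__":
    for name, lik, imp, score, band in risk_register():
        print(f"{name:16} L={lik} I={imp} risk={score:2} {band}")
```

The build server lands above the HR database even though the database holds more sensitive data: the product captures that a heavily exposed asset with many open findings is the more urgent one to assess. That is the kind of re-ordering the attacker's-eye view is meant to produce.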
 An information security policy (ISP) is a
set of rules, policies and procedures
designed to ensure all end users and
networks within an organization meet
minimum IT security and data protection
security requirements.
 ISPs should address all data, programs,
systems, facilities, infrastructure,
authorized users, third parties and fourth
parties of an organization.
 Establish a general approach to information security
 Document security measures and user access
control policies
 Detect and minimize the impact of compromised
information assets such as misuse of data, networks,
mobile devices, computers and applications
 Protect the reputation of the organization
 Comply with legal and regulatory requirements such as GDPR, HIPAA and FERPA, and with standards frameworks such as those published by NIST
 Protect their customer's data, such as credit card
numbers
 Provide effective mechanisms to respond to
complaints and queries related to real or perceived
cyber security risks such
as phishing, malware and ransomware
 Limit access to key information technology assets to
 Confidentiality: data and information are
protected from unauthorized access
 Integrity: Data is intact, complete and
accurate
 Availability: IT systems are available
when needed
 A security audit is a systematic evaluation
of the security of a company's information
system by measuring how well it conforms
to an established set of criteria.
 This assessment measures your
information system’s security against
an audit checklist of industry best
practices, externally established
standards, and/or federal regulations
 Physical components of your information system
and the environment in which the information
system is housed.
 Applications and software, including the security patches your systems administrators have already applied.
 Network vulnerabilities, including public and
private access and firewall configurations.
 The human dimension, including how employees
collect, share, and store highly sensitive
information.
 The organization’s overall security strategy,
including security policies, organization charts,
 A security audit compares your
organization’s actual IT practices with the
standards relevant to your enterprise and
will identify areas for remediation and
growth.
 Specifically, auditors will review security
controls for adequacy, validate compliance
with security policies, identify breaches,
and ultimately make recommendations to
address their findings.
 The audit will result in a report with
observations, recommended changes,
and other details about your security
program.
 The audit report may describe specific
security vulnerabilities or reveal previously
undiscovered security breaches.
 These findings can then be used to inform
your cybersecurity risk management
approach.
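A minimal version of that comparison, added here as an example (not code from the slides or from the cited blog post): the actual settings are parsed out of a configuration file and checked against a checklist of expected values, producing one finding per criterion with a PASS, FAIL or MISSING status, so the remediation list falls out directly. The checklist and the sshd_config excerpt are constructed for illustration and are not a complete benchmark; the directive names are real sshd_config keywords.

```python
"""Added example (not from the slides): auditing an actual configuration
against a checklist and emitting findings for remediation. The checklist
and the sshd_config sample are constructed, not a full benchmark."""

# Checklist: directive -> (expected value, why it matters). Constructed.
CHECKLIST = {
    "PermitRootLogin":        ("no", "direct root logins defeat accountability"),
    "PasswordAuthentication": ("no", "keys resist brute force; passwords do not"),
    "PermitEmptyPasswords":   ("no", "empty passwords allow trivial login"),
    "X11Forwarding":          ("no", "unneeded attack surface"),
    "MaxAuthTries":           ("4",  "limits guessing attempts per connection"),
}

def parse_sshd_config(text: str) -> dict:
    """Return {directive: value} for the effective settings.
    sshd honours the first occurrence of a directive, so later duplicates are ignored.
    Only whole-line comments (starting with '#') and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)      # first value wins
    return settings

def audit(settings: dict, checklist: dict = CHECKLIST) -> list:
    """One finding per checklist item: PASS, FAIL, or MISSING (default applies)."""
    findings = []
    for directive, (expected, rationale) in checklist.items():
        actual = settings.get(directive)
        if actual is None:
            status = "MISSING"
        elif actual.lower() == expected.lower():
            status = "PASS"
        else:
            status = "FAIL"
        findings.append({"directive": directive, "expected": expected,
                         "actual": actual, "status": status, "rationale": rationale})
    return findings

def remediation_items(findings: list) -> list:
    """Everything that is not a PASS goes on the remediation list."""
    return [f for f in findings if f["status"] != "PASS"]

SAMPLE_CONFIG = """\
# constructed sshd_config excerpt for the walk-through
Port 22
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 4
PermitRootLogin no
"""

if __name__ == "__main__":
    findings = audit(parse_sshd_config(SAMPLE_CONFIG))
    for f in findings:
        print(f"{f['status']:7} {f['directive']}: expected {f['expected']}, "
              f"actual {f['actual']} ({f['rationale']})")
    print(f"{len(remediation_items(findings))} item(s) need remediation")
```

Two points a practitioner would want recorded in the report: the second PermitRootLogin line does not rescue the host, because sshd keeps the first value it reads, and MISSING means the daemon's default is in effect, so the checklist should state whether that default satisfies the criterion rather than treating absence as a pass.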
 A security audit will provide a roadmap of
your organization’s main information
security weaknesses and identify where it
is meeting the criteria the organization has
set out to follow and where it isn’t.
 Security audits are crucial to
developing risk assessment plans and
mitigation strategies for organizations
dealing with sensitive and confidential
data.
 Successful security audits should give
your team a snapshot of your
organization’s security posture at that
point in time and provide enough detail to
give your team a place to start with
remediation or improvement activities.
 Some security-centric audits may also
serve as formal compliance audits,
completed by a third-party audit team for
the purpose of certifying against ISO
 Security audits also provide your
organization with a different view of IT
security practices and strategy, whether
they are conducted by an internal audit
function or through an external audit.
 Having your organization’s security
policies scrutinized can provide valuable
insights into how to implement better
controls or streamline existing processes.
 Security audits are an important tool and
method for operating an up-to-date and
effective information security program.
 In this way, security auditing amplifies an organization’s capability to respond to security threats.
 https://www.synopsys.com/glossary/what-is-security-risk-assessment.html
 https://www.auditboard.com/blog/what-is-security-audit/

SDET UNIT 5.pptx

  • 1.
  • 2.  5.1 The Basis of Security Testing  5.2 Security Risks  5.3 Information Security Policies and Procedures  5.4 Security Auditing and Its Role in Security Testing
  • 3.  Security testing is the process of to discover the weaknesses, risks, or threats in the software application.  It also us to stop the nasty attack from the outsiders and make sure the security of our software applications.  objective of security testing is to find all the potential ambiguities and vulnerabilities of the application so that the software does not stop working.  it helps us to identify all the possible security threats and also help the programmer to fix those errors.
  • 5.
    - Availability
    - Data and services must be accessible to authorized users whenever they are needed; the data and the services that deliver it must be ready for use, even under attack or failure.
    - Integrity
    - Data must not be modified by an unauthorized person without that modification being detected. The primary objective of integrity is to let the receiver verify that the data delivered by the system is exactly what was sent.
  • 6.
    - Authorization
    - The process of determining that a client is permitted to perform an action or receive a service. Access control is the typical example of authorization.
    - Confidentiality
    - A security property that prevents the disclosure of data to outsiders (unauthorized parties); it is one of the main ways we assure the security of our data.
    - Authentication
    - The authentication process consists of confirming the identity of a person (or verifying the origin of a product or message), which is a prerequisite for granting access to private information or to the system.
  • 7.
    - Non-repudiation
    - In digital security, it is a way of assuring that the sender of a message cannot deny having sent it and that the recipient cannot deny having received it.
    - Non-repudiation is used to ensure that a transmitted message has been sent and received by the parties who claim to have sent and received it.
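The integrity, authentication and non-repudiation properties above are easy to confuse in testing, so here is an added example (not part of the slides) that shows where a shared-key MAC stops. An HMAC lets the receiver detect tampering and reject tags made by an outsider, but because both parties hold the same key, the receiver can also mint a valid tag for a message the sender never sent, so a MAC by itself gives no non-repudiation. Keys and messages are constructed for illustration.

```python
"""Integrity and authentication with an HMAC, and why a shared-key MAC
gives no non-repudiation. Added example; keys and messages are constructed."""
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Authentication tag over the message: HMAC-SHA256 under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time, so tag bytes do not leak via timing."""
    return hmac.compare_digest(make_tag(key, message), tag)


def tampering_is_detected(key: bytes) -> bool:
    """Integrity: the original verifies, a modified copy under the same tag does not."""
    message = b"TRANSFER 100 TO ACCT 42"            # constructed sample message
    tag = make_tag(key, message)
    altered = message.replace(b"100", b"900")        # attacker edits the amount
    return verify_tag(key, message, tag) and not verify_tag(key, altered, tag)


def wrong_key_is_rejected(key: bytes) -> bool:
    """Authentication: a tag made under another key (an outsider's) is rejected."""
    message = b"TRANSFER 100 TO ACCT 42"
    outsider_tag = make_tag(secrets.token_bytes(32), message)
    return not verify_tag(key, message, outsider_tag)


def receiver_can_forge(shared_key: bytes) -> bool:
    """No non-repudiation: the receiver holds the same key, so it can mint a
    valid tag over a message the sender never sent. A valid MAC proves only
    that *someone holding the key* produced it; proving *which* party did so
    needs a signature under a key that only the sender holds."""
    forged = b"TRANSFER 5000 TO ACCT 99"            # receiver's fabricated message
    forged_tag = make_tag(shared_key, forged)        # computed by the receiver
    return verify_tag(shared_key, forged, forged_tag)


def run_demo() -> dict:
    """All three checks under one constructed shared key."""
    key = secrets.token_bytes(32)                    # shared by sender and receiver
    return {
        "tamper_detected": tampering_is_detected(key),
        "outsider_rejected": wrong_key_is_rejected(key),
        "receiver_can_forge": receiver_can_forge(key),
    }


if __name__ == "__main__":
    print(run_demo())
```

When a test plan requires non-repudiation, the check is therefore not "does the MAC verify" but "is the message bound to a key that only the claimed sender possesses", which is what a digital signature provides and an HMAC does not.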
  • 10.
    - Various security testing tools are available in the market, for example:
    - SonarQube (static code analysis, SAST)
    - ZAP (dynamic web application scanner, DAST)
    - Netsparker (web application scanner, DAST)
    - Arachni (web application scanner, DAST)
    - IronWASP (web application scanner, DAST)
  • 11.
    - A security risk assessment identifies, assesses, and implements key security controls in applications.
    - It focuses on preventing application security defects and vulnerabilities.
    - Carrying out a risk assessment allows an organization to view the application portfolio holistically, from an attacker's perspective.
    - It supports managers in making informed decisions about resource allocation, tooling, and security control implementation.
    - Thus, conducting an assessment is an integral part of an organization's risk
  • 12.
    - Identification. Determine all critical assets of the technology infrastructure. Next, identify the sensitive data that is created, stored, or transmitted by these assets. Create a risk profile for each.
    - Assessment. Apply an approach to assess the identified security risks for each critical asset. After careful evaluation, determine how to allocate time and resources toward risk mitigation effectively and efficiently. The assessment methodology must analyze the correlation between assets, threats,
  • 13.
    - Mitigation. Define a mitigation approach and enforce security controls for each risk.
    - Prevention. Implement tools and processes that reduce the likelihood of threats and vulnerabilities affecting your firm's resources.
  • 14.
    - Identify assets (e.g., network, servers, applications, data centers, tools) within the organization.
    - Create risk profiles for each asset.
    - Understand what data is stored, transmitted, and generated by these assets.
    - Assess each asset's criticality to business operations, including the overall impact on revenue and reputation and the likelihood of its exploitation.
    - Measure the risk ranking for assets and prioritize them for assessment.
    - Apply mitigating controls for each asset.
  • 15.
    - An information security policy (ISP) is a set of rules, policies and procedures designed to ensure that all end users and networks within an organization meet minimum IT security and data protection requirements.
    - ISPs should address all data, programs, systems, facilities, infrastructure, authorized users, third parties and fourth parties of an organization.
  • 16.
    - Establish a general approach to information security
    - Document security measures and user access control policies
    - Detect and minimize the impact of compromised information assets, such as misuse of data, networks, mobile devices, computers and applications
    - Protect the reputation of the organization
    - Comply with legal and regulatory requirements such as GDPR, HIPAA and FERPA, and with frameworks such as those published by NIST
    - Protect customers' data, such as credit card numbers
    - Provide effective mechanisms to respond to complaints and queries about real or perceived cyber security risks such as phishing, malware and ransomware
    - Limit access to key information technology assets to
  • 17.
    - Confidentiality: data and information are protected from unauthorized access
    - Integrity: data is intact, complete and accurate
    - Availability: IT systems are available when needed
  • 18.
    - A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
    - This assessment measures your information system's security against an audit checklist of industry best practices, externally established standards, and/or federal regulations.
  • 19.
    - Physical components of your information system and the environment in which the information system is housed.
    - Applications and software, including the security patches your systems administrators have already applied.
    - Network vulnerabilities, including public and private access and firewall configurations.
    - The human dimension, including how employees collect, share, and store highly sensitive information.
    - The organization's overall security strategy, including security policies, organization charts,
  • 20.
    - A security audit compares your organization's actual IT practices with the standards relevant to your enterprise and identifies areas for remediation and growth.
    - Specifically, auditors review security controls for adequacy, validate compliance with security policies, identify breaches, and ultimately make recommendations to address their findings.
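The "compare actual practice with established criteria" step that slides 18 to 20 describe is mechanical enough to script, so here is an added example (not from the slides) of a small configuration audit. It parses an sshd_config-style file, checks each setting against a baseline checklist, and reports every deviation, including settings that are absent (so a default applies) and a hardened line that was appended after a weaker one (sshd uses the first value it finds for a keyword, so the later line has no effect). The sample configuration and the baseline are constructed for illustration and are not taken from any real host or standard.

```python
"""Audit a configuration file against a baseline checklist and report each
deviation. Added example; the sshd_config excerpt and the baseline are
constructed for illustration, not taken from any real host or standard."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Constructed sshd_config excerpt: the "actual practice" being audited.
SAMPLE_CONFIG = """
# constructed sample, not a real host
Port 22
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
X11Forwarding no
"""
# Note: "PermitRootLogin no" above was appended after "PermitRootLogin yes";
# sshd keeps the first value for a keyword, so root login stays enabled.
# MaxAuthTries is not set at all, so the daemon's compiled-in default applies.

# Constructed baseline: the "established criteria" the audit checks against.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}


@dataclass
class Finding:
    setting: str
    expected: str
    observed: Optional[str]   # None: the setting is absent, so a default applies


def parse_config(text: str) -> dict[str, str]:
    """Parse `Keyword value` lines, ignoring comments and blank lines.
    Keywords are lower-cased (sshd matches them case-insensitively) and the
    first occurrence of a keyword wins, as sshd itself resolves duplicates."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)           # first occurrence wins
    return settings


def audit(config: dict[str, str], baseline: dict[str, str]) -> list[Finding]:
    """Compare each baseline criterion with what is actually configured."""
    findings: list[Finding] = []
    for setting, expected in baseline.items():
        observed = config.get(setting.lower())
        if observed != expected.lower():
            findings.append(Finding(setting, expected, observed))
    return findings


def run_audit(text: str = SAMPLE_CONFIG, baseline: dict[str, str] = BASELINE) -> list[Finding]:
    """Audit the constructed sample; returns the list of deviations."""
    return audit(parse_config(text), baseline)


if __name__ == "__main__":
    for f in run_audit():
        print(f"FAIL {f.setting}: expected {f.expected!r}, observed {f.observed!r}")
```

Run against the constructed sample, the audit flags PermitRootLogin (observed "yes", because the first line wins), PasswordAuthentication ("yes") and MaxAuthTries (absent), while X11Forwarding passes. The same loop generalises to any key-value baseline; the part that needs care per format is the parser's precedence rule, since an audit that takes the last value would wrongly pass the appended "PermitRootLogin no".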
  • 21.
    - The audit will result in a report with observations, recommended changes, and other details about your security program.
    - The audit report may describe specific security vulnerabilities or reveal previously undiscovered security breaches.
    - These findings can then be used to inform your cybersecurity risk management approach.
  • 22.
    - A security audit will provide a roadmap of your organization's main information security weaknesses and identify where it is meeting the criteria the organization has set out to follow and where it isn't.
    - Security audits are crucial to developing risk assessment plans and mitigation strategies for organizations dealing with sensitive and confidential data.
  • 23.
    - Successful security audits should give your team a snapshot of your organization's security posture at that point in time and provide enough detail to give your team a place to start with remediation or improvement activities.
    - Some security-centric audits may also serve as formal compliance audits, completed by a third-party audit team for the purpose of certifying against ISO
  • 24.
    - Security audits also provide your organization with a different view of IT security practices and strategy, whether they are conducted by an internal audit function or through an external audit.
    - Having your organization's security policies scrutinized can provide valuable insights into how to implement better controls or streamline existing processes.
  • 25.
    - Security audits are an important tool and method for operating an up-to-date and effective information security program.
    - Regular security auditing amplifies an organization's capability to respond to security threats.